If I understood correctly you mean /XXX is created on the fly.
Probably a variant of the Random JS Toolkit [1].
[1] <http://blog.eonsec.com/2008/01/random-js-toolkit.html>
-- Ed <.. _ . . _>
On Tue, Mar 18, 2008 at 7:58 AM, Greg Song <bigrootno1_at_gmail.com> wrote:
> Hi all
> Thesedays I'm analyzing the solarys system that using apache web
> server and php. Of cause it hacked.
> I could not find reason of some situation that the specified directory
> are created over and over(it includes check.js)
> Weblog record as below
> >> xxx.xxx.xxx.xxx GET "/XXX/ahibix/check.js
> Some pages can upload the file but it didn't work when I uploaded some php file.
> I'm wondering how it makes some directories.
> Any suggestin,ideas.
> Thanks all
>
> -------------------------------------------------------------------------
> Sponsored by: Watchfire
> Methodologies & Tools for Web Application Security Assessment
> With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today!
>
> https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
> -------------------------------------------------------------------------
>
>
-------------------------------------------------------------------------
Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------
Received on Mar 18 2008
Intro
